Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

replacing all existing users who have the default ROLE_SAV_ENDUSER with our custom ROLE_ENDUSER."

Sanjeev
New Contributor
New Contributor

‎08/30/2024 02:29 AM

Hello everyone,

We've noticed that all of our users currently have the ROLE_SAV_ENDUSER by default. This role provides too much access to the system, including the ability to change their own account password. To address this, we've created our own ROLE_ENDUSER with more restricted access.

My questions are:

How do we replace the old ROLE_SAV_ENDUSER with our new ROLE_ENDUSER for all existing users?


Regards,
Sanjeev Kumar

Labels:
0 Kudos
19 REPLIES 19

NM
Honored Contributor II
Honored Contributor II

‎08/30/2024 02:32 AM

Hi @Sanjeev that is a massive change .. proper planning and implementation is required.

Are you referring to change password tile?

Just hide it.

0 Kudos

Sanjeev
New Contributor
New Contributor

‎08/30/2024 02:38 AM

Hello NM ,

Thank you for yours reply.

We are replacing all existing users who have the  ROLE_SAV_ENDUSER with our custom ROLE_ENDUSER.

This custom role has limited access. The ability to change their own password is just one example of the restrictions."

Thank you.

 

0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to Sanjeev

‎08/30/2024 02:47 AM

Hi @Sanjeev , you can try to update the config in external config.propeeties file.#job.ecm.imp.file.defaultrole=Desired Role

0 Kudos

indra_hema_95
Regular Contributor III
Regular Contributor III

‎08/30/2024 02:44 AM

Hi @Sanjeev you can refer this post https://forums.saviynt.com/t5/identity-governance/replacing-default-role-sav-enduser-with-our-custom...

Regards,

Indra

0 Kudos

Sanjeev
New Contributor
New Contributor

‎08/30/2024 02:52 AM

Hello @NM @indra_hema_95 ,

Thank you for your reply.

The changes have already been made so that new users are assigned my custom ROLE_ENDUSER. However, my problem is with the existing users who still have the old ROLE_SAV_ENDUSER. There are more than 2,000 of these old users. How can I assign the new custom ROLE_ENDUSER to these users?"

Thank you.

0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to Sanjeev

‎08/30/2024 02:57 AM

@Sanjeev only option I could think of to handle it via sav4sav connection.

Submit a bulk request to remove existing role and add new one.

0 Kudos

Sanjeev
New Contributor
New Contributor

‎08/30/2024 02:55 AM

Hello @NM @indra_hema_95 ,

The solution you provided is working for new users, and I've already implemented it in the system. Thank you for your quick reply.

Thank you

0 Kudos

Sanjeev
New Contributor
New Contributor

‎08/30/2024 03:22 AM

Hello @NM 

Can you please give me some detailed ideas on how to handle it via a sav4sav connection?

Thank you

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Sanjeev

‎08/30/2024 07:43 AM

  • Create new analytics report to add new sav role using Provision access to add ROLE_ENDUSER to all 2000 users
  • You can remove OOTB sav role from UI ROLE_SAV_ENDUSER or you can create analytics with deprovision access Action.

 

necessary - Sav4sav connector is setuped


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

NM
Honored Contributor II
Honored Contributor II

‎08/30/2024 03:39 AM

@Sanjeev are you importing sav roles as entitlement in your environment?

0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II

‎08/30/2024 05:41 AM - edited ‎08/30/2024 05:41 AM

Hi @Sanjeev ,

If your environment is using SAV4SAV connector, then you can create a analytic that will create remove access task for end user sav role and add access for new custom sav role.

 

Or you can use Saviynt API - https://xxx/ECM/api/v5/addremoveuserfromrole

Prepare a file of all users you need to take action on and use this method to run postman collection

https://learning.postman.com/docs/collections/running-collections/working-with-data-files/

username can be referred from file . There are youtube videos also that you can refer , it is pretty straight forward

Amit_Malik_0-1725021563160.png

 

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Sanjeev
New Contributor
New Contributor

‎09/02/2024 09:56 PM

Hello @NM 

I'm planning to import SAV roles as entitlements into the environment for the first time. Can you please guide me on how to proceed with this entitlement?

Thank you

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Sanjeev

‎09/02/2024 10:05 PM

  • Enable saviynt for saviynt from global configuration 
  • Update connection with service account
  • Run import Job
  • Now Import account to entitlement csv
  • run wsretry

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to Sanjeev

‎09/02/2024 10:45 PM

Hi @Sanjeev ,

In global configuration as soon as to tick the checkbox of saviynt for saviynt connection, a rest based connection will be created

Just add service account details for authentication.

0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II
In response to Sanjeev

‎09/02/2024 10:59 PM

Hi @Sanjeev , 

You can refer this doc , it has step by step explanation. If you face any issue let us know

https://docs.saviyntcloud.com/bundle/Saviynt-REST-based-Guide/page/Content/Understanding-Integration...

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Sanjeev
New Contributor
New Contributor

‎09/07/2024 01:13 AM

Hello All,

Thank you for yours reply 

My new question is as:-

How to Assign SAV Role as an Entitlement in Enterprise Role

Regards

Sanjeev Kumar

0 Kudos

Sanjeev
New Contributor
New Contributor

‎09/07/2024 01:16 AM

Hello All,

Thank you for yours reply 

My new question is as:-

How to Add new SAV Role as an Entitlement in Endpoint 

Regards

Sanjeev Kumar

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Sanjeev

‎09/07/2024 05:00 AM - edited ‎09/07/2024 08:53 AM

Schedule Job it will automatically create 

rushikeshvartak_0-1725724363922.png

 

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II
In response to Sanjeev

‎09/07/2024 08:30 AM

Hi Sanjeev,

You can run the sav4sav entitlement import job. New sav role will show up as entitlements

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos
Copyright © 2024 Khoros, LLC